Lucene search
K

1290 matches found

ATTACKERKB
ATTACKERKB
added 2018/03/18 6:29 a.m.5 views

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS5.6AI score0.011EPSS
Exploits0References3
OSV
OSV
added 2018/03/18 6:29 a.m.25 views

PYSEC-2018-57

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS0.7AI score0.011EPSS
Exploits0References3
OSV
OSV
added 2018/03/18 6:29 a.m.2 views

DEBIAN-CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS7.4AI score0.011EPSS
Exploits0References1
CVE
CVE
added 2018/03/18 6:0 a.m.112 views

CVE-2018-8768

CVE-2018-8768 affects Jupyter Notebook up to version 5.4.1. A maliciously forged notebook can bypass sanitization, allowing JavaScript execution in the notebook context due to how invalid HTML is fixed by jQuery after sanitization (XSS risk). The issue is documented in multiple advisories (Debian...

7.8CVSS6AI score0.011EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2018/03/18 6:0 a.m.77 views

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS7.6AI score0.011EPSS
Exploits0
Cvelist
Cvelist
added 2018/03/18 6:0 a.m.26 views

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

6.2AI score0.011EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2018/03/18 12:0 a.m.30 views

Jupyter Notebook -- vulnerability

MITRE reports: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS7.6AI score0.011EPSS
Exploits0References1
Veracode
Veracode
added 2018/03/16 4:33 a.m.59 views

Remote Code Execution (RCE)

Jupyter notebook is vulnerable to remote code execution RCE attacks. A malicious user can pass a HTML/SVG file to the application to inject and execute arbitrary javascript code to the notebook server...

7.8CVSS8AI score0.011EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2017/12/11 12:0 a.m.6 views

HP Notebook SynTP.sys File Keylogging Code Debugging Vulnerability

The SynTP.sys file is part of the Synaptics touchpad driver that comes with some HP notebook models. The HP laptop SynTP.sys file keylogger code debugging vulnerability can be exploited by an attacker to abuse the debugging code of the keylogger component, e.g., a malware developer can enable...

7.1AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2017/11/11 3:18 p.m.13 views

notebook-laden.de XSS vulnerability

Open Bug Bounty ID: OBB-409819 Description| Value ---|--- Affected Website:| notebook-laden.de Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/10/16 8:5 a.m.12 views

arp.nl XSS vulnerability

Vulnerable URL: https://www.arp.nl/hp-probook-470-g4-notebook-y8a89et-ab'%22%3E%3Cimg%20src=x%20onerror=alert'OPENBUGBOUNTY'%3E%3C!-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

6.3AI score
Exploits0
Hewlett-Packard
Hewlett-Packard
added 2017/07/25 12:0 a.m.31 views

HPSBHF03560 rev 1 - Possible Elevation of Privilege and Information Disclosure via Intel® Software Guard Extensions (Intel® SGX) Vulnerability

Potential Security Impact Elevation of privilege, information disclosure Source: Intel Reported by: Intel VULNERABILITY SUMMARY Intel has discovered a vulnerability that could impact the security of Intel® Software Guard Extensions Intel® SGX. Before exploiting this vulnerability, the malicious...

9.3CVSS0.1AI score0.01439EPSS
Exploits0
Cvelist
Cvelist
added 2017/07/17 7:0 p.m.24 views

CVE-2017-3754

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code...

6.4AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2017/07/17 7:0 p.m.44 views

CVE-2017-3754

The CVE-2017-3754 entry relates to Lenovo notebook BIOS write protections not being properly configured, allowing an attacker with physical or administrative access to flash an arbitrary BIOS image and potentially run malicious BIOS code. Connected documents corroborate a BIOS write-protection co...

7.2CVSS6.3AI score0.00337EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/01/05 2:49 a.m.15 views

Cross-Site Request Forgery (CSRF)

Jupyter notebook is vulnerable to cross-site request forgery CSRF attacks. It does not properly check the CSRF token and set authorization header. Attackers could create untitled files and start kernels no remote execution or modification of existing files for users of certain browsers Firefox,...

6.5AI score
Exploits0
CNVD
CNVD
added 2016/11/30 12:0 a.m.6 views

Lenovo Notebook and ThinkServer Local Elevation of Privilege Vulnerability

Lenovo Notebook and ThinkServer are both products of the Chinese company Lenovo. The former is a line of laptops and the latter is a line of servers. A local elevation of privilege vulnerability exists in the Lenovo Notebook and ThinkServer systems. An attacker could exploit this vulnerability to...

4.6CVSS6.8AI score0.00304EPSS
Exploits0References1
Lenovo
Lenovo
added 2016/11/29 12:0 a.m.2 views

Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems - Lenovo Support US

No description provided...

5AI score
Exploits0
Hewlett-Packard
Hewlett-Packard
added 2016/08/17 12:0 a.m.17 views

HPSBHF3549 rev.2 - ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege

Potential Security Impact System downtime, or privilege escalation. Source:HP, HP Product Security Response Team PSRT Reported by: Dmytro Oleksiuk VULNERABILITY SUMMARY A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PC...

0.2AI score
Exploits0
Lenovo
Lenovo
added 2016/07/25 12:0 a.m.27 views

SuperFish Vulnerability

Lenovo Security Advisory: LEN-2015-010 Potential Impact: Man-in-the-Middle Attack Severity: High Summary: This advisory only applies to Lenovo Notebook products. ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted. SuperFish was previously...

6.6AI score
Exploits0
Lenovo
Lenovo
added 2016/07/25 12:0 a.m.18 views

SuperFish Vulnerability - Lenovo Support US

No description provided...

7.3AI score
Exploits0
Rows per page
Query Builder